I have a customer who created a dashboard with 28 unique searches. (Using Splunk 6.1.1). It's some cool stuff, but, that's nuts. A lot of the searches are simply different timeframes - one day in one chart, and 1 month in the other. Any suggestions on how to prevent 28 unique searches?
As an alternative or addition to post processing, you could accelerate, summarize, or schedule historic searches like the thirty day one because that's doing a lot of things over and over again without changes to the data.
Take schedule as an example, you could have the search run over -30d@d to @d every night at 1 AM and everyone loading the dashboard that day gets the canned results from 1 AM.